The present invention relates to a method for the secure handling of monetary or value units using prepaid data carriers.
Various approaches for operating electronic purses on smart cards have been in development and in service for some years. Besides smart card technology, they also include security electronics for cooperation among the smart card, the computer, and the communication system, as well as billing the transactions conducted using the chip card. A number of approaches have been introduced, both on the national and the international level. Electronic purses are in use in some countries, for example:
field trial, Eisenstadt, Austria, since December 1994
Avantcard, in Finland
Danmond concept in Denmark
Mondex, in Swinton, England
in addition, an "intersect electronic purse" (interbranch electronic purse) is standardized under CIN TC224 WG10.
These systems may use the following methodology.
The first step is the loading of monetary value units into the chip card; the equivalent amount, which the card holder must provide as a cash or cashless payment, is stored in a so-called "pooling account" of the purse operator. If a card holder subsequently pays using his smart card, monetary value units are deducted from the electronic purse and transferred, with the assistance of a security module, to a terminal of the service provider. There, the received monetary value units are either accumulated into one amount and settled with the purse operator, or each individual payment operation is submitted to the purse operator for billing. Accumulated amounts or individual data records are either collected on a so-called dealer that the service provider must submit, or transferred on-line, using a suitably equipped terminal, to an accounting unit.
Electronic purse applications which are implemented on a microprocessor card are available. In microprocessor applications, the application is controlled by a chip card operating system, as defined, for example, by the prEN726-3 standard. This application may be distinguished by the storing of monetary amounts on the card, which are reduced by a set amount with every debit charge. Available microprocessor cards, unlike available memory cards, can verify whether the debiting system is authentic, and vice versa. This verification may not be possible using a memory chip card. Moreover, similar systems and methods appear to be discussed in U.S. Pat. No. 4,859,837, PCT Patent Publication No. WO 90/15382 and German Patent Publication No. 42 43 851. German Patent Publication No. 196 04 876 discusses a method for controlling transactions conducted in electronic purse systems.
U.S. Pat. No. 5,777,305 discusses a so-called "prepaid card", i.e., a card provided with a credit balance and having a specific identifier, which, after being identified by a background system, is deactivated or activated. Following identification, the background system controls the communication and the further sequence of operations. In the process, the information from the prepaid card is read in via a customary terminal. The billing of accounts also takes place under the control of the background system. The value stored on the card is reduced at the time of use, depending on the service.
U.S. Pat. No. 4,825,050 discusses a data protection system, which employs cryptographic techniques for financial transactions.
European Patent Publication No. 0 397 512 discusses a method for preventing unauthorized use of information stored on a card. In this context, the information to be protected is stored both in the card as well as in a background system and, if required, compared to one another. However, due to the time-consuming, repeated comparison operations, a method of this kind may not only be time consuming, but may also require substantial memory space.
U.S. Pat. No. 5,477,038 discusses a method for using prepaid cards. Besides the card identification number, in this case, the card employed also contains a bank identification number and an account number. These data are stored in a magnetic strip that is placed on the card. In spite of the different identification numbers provided, a method of this kind is not secure, since the numbers can be read out from the card for a targeted misuse.
U.S. Pat. No. 5,721,781 discusses an authentication system and method for smart card transactions. In this method, however, only the operation between the card and a terminal is described; the entire system does not have any background system. The three-tiered authentication discussed here may be very complicated, time-consuming, and may require considerable outlay for memory, which is why it may not be suited for large transaction systems having sizable data-processing systems. European Patent Publication No. 0 654 919 discusses authenticating one system part by another system part of an information transfer system in accordance with the challenge and response principle. In this authentication method, a restriction inhibiting computational operations is initially set up in a portable data carrier arrangement, and this can only be canceled by altering an error counter reading. Once the error counter reading has been altered incrementally, and the restriction has been canceled, random data are transmitted as challenge data from the terminal to the portable data carrier arrangement. From the challenge data, authentication parameters are calculated in each case, using at least one algorithm and secret key data, both in the terminal and in the portable data carrier arrangement. The terminal transmits its authentication parameters as a response to the portable data transmission arrangement, where they are compared to the authentication parameters calculated there. If they correspond, the value memory can be reloaded and/or the error counter reset.
International Patent Publication No. WO 98/52163 discusses a method and a circuit arrangement for securely transporting data on an IC card. The data include, for example, application programs, at least one portion of the data being encrypted and a so-called public cipher key being used.
The most widely disseminated cards may be phone cards. Phone cards are memory chip cards having an identification region and at least one counter area. Moreover, a service designated as virtual calling card (VCC) has been introduced in the U.S. It allows the customer to place a phone call from any telephone by specifying an access identifier in conjunction with a PIN (personal identification number). These so-called calling card systems may be based on a central control unit having a suitable database and, accordingly, a central computer. Charges are billed, in this context, to an account allocated to the customer. A service of this kind may be becoming increasingly important in Europe. Thus, for example, the February 1995 issue, pp. 44 and 45, of "Deutsche Telekom AG—Vision" describes the T-Card used for the connect service of Deutsche Telekom.
This article further discusses that the spectrum of services extends from phone cards to credit cards. For example, paragraph 4.1.2.1., starting on page 61 of the book "Chipkarten als Werkzeug" ("Chip Cards as Tools") by Beutelsberger, Kersten and Pfau, discusses how memory chip cards are authenticated by employing available challenge-response methods. With the aid of a terminal or card reader, these chip cards can be identified and checked for plausibility. The authentication is undertaken in a security module built into the terminal.
German Patent Publication No. 196 04 349 discusses a method for verifying memory chip cards which appears to enable a two-tiered or multi-tiered authentication to be performed with the assistance of cryptographic functions and a terminal.
It is believed that the drawback of the methods and systems discussed herein lies in that the particular value, i.e., the value units, is stored on the data carrier, for example on the smart card or on the microprocessor card. The terminals recognize the value stored on the data carrier and reduce the value on the data carrier depending on the price of a service that is bought or sold. Due to the large number of prepaid data carriers in circulation, it has not been possible to keep so-called shadow accounts or shadow balances in the terminals and/or their background systems. Thus, it may not be possible for the terminals and their background systems to verify, for example, the set value of a data carrier that is in use. By manipulating or falsifying the data carrier, one can, therefore, generate monetary or value units that the operator of a transaction system would actually be entitled to. Current estimates place the resultant global losses suffered by the operators on a monthly basis at a two-digit amount in the millions.
Systems having shadow accounts or shadow balances may require that large volumes of data be transmitted in the system. Further, many terminals are not connected on-line, but only transmit the data records with a time delay. For that reason, manipulations are not immediately detectable.
An exemplary method of the present invention provides a method for securely handling monetary or value units using prepaid data carriers, such as smart cards, magnetic strip cards, or the like, in electronic transaction systems, such as phone card systems, purse systems, and the like, which will render any card manipulation worthless and, where necessary, will reduce the substantial outlay for data communications in the available or similar systems.
When the exemplary method according to the present invention is applied, a potential cheater or attacker is forced to manipulate or scan the background system of the operator, i.e., to probe through various identification patterns to arrive at the equivalent of a particular data carrier or smart card. This is much more difficult for the cheater to do than manipulating the particular data carrier in the form of a memory chip card or a microprocessor chip card. On the other hand, it is much simpler for the operator to protect a central background system in a secured environment from unauthorized access. For example, if a cheater discovers an identification pattern by scanning, then all that is available to him is merely the equivalent of this one data carrier or identification pattern. The same effort is required of him to scan the next identification pattern. Important in this case is that the manipulation of the data carriers themselves is made ineffective by this method. The value of a copy, i.e., of a simulation of data carriers, would also be limited to only the particular, small active value of the individual data carrier. A further benefit of the exemplary method is that it may reduce the high expenditure for data transmission required by available methods that involve shadow accounts. The reaction times in response to recognized security problems in the background system are substantially shorter than with previous methods, and the allocation of service features for identification purposes can now be undertaken in the central computer or in the central control unit of the background system.
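As an added illustration (not part of the patent text), the following model shows the design point of the preceding paragraph: the card carries only an identification pattern, the operator's central system holds the authoritative balance, so a card whose stored value bytes have been inflated buys nothing beyond the small balance the background system already records, and repeated presentation of unknown identification patterns is visible to the operator as scanning. All identifiers, balances and thresholds are constructed values.

```python
from dataclasses import dataclass, field

@dataclass
class Card:
    ident: str          # identification pattern read by the terminal
    local_value: int    # value units written on the card; deliberately not trusted

@dataclass
class BackgroundSystem:
    balances: dict                      # identification pattern -> value units
    unknown_ident_attempts: int = 0
    scan_alarm_threshold: int = 3       # constructed threshold for this model
    log: list = field(default_factory=list)

    def debit(self, card: Card, price: int) -> bool:
        """The terminal forwards the card's identifier and the price; the card's
        own stored value never enters the decision."""
        if card.ident not in self.balances:
            self.unknown_ident_attempts += 1
            if self.unknown_ident_attempts >= self.scan_alarm_threshold:
                self.log.append("scan alarm: repeated unknown identification patterns")
            return False
        if self.balances[card.ident] < price:
            return False
        self.balances[card.ident] -= price
        return True

def demo() -> dict:
    bg = BackgroundSystem(balances={"ID-0001": 50})   # central ledger, constructed
    genuine = Card("ID-0001", 50)
    tampered = Card("ID-0001", 999_999)               # value on the card forged upwards
    r = {}
    r["genuine_debit"] = bg.debit(genuine, 30)        # accepted, 20 units remain centrally
    r["tampered_debit"] = bg.debit(tampered, 30)      # refused: ledger says only 20 remain
    r["copy_drains_rest"] = bg.debit(tampered, 20)    # a copy is worth only the small remainder
    r["balance_after"] = bg.balances["ID-0001"]
    # Guessing identification patterns: every miss is counted and eventually alarmed.
    guesses = [Card(f"ID-{n:04d}", 50) for n in (7, 8, 9)]
    r["guess_results"] = [bg.debit(c, 1) for c in guesses]
    r["scan_alarm"] = list(bg.log)
    return r

if __name__ == "__main__":
    print(demo())
```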